I'll look through the RA script. But still, if it's running as root, then it should be able to read the files. If it's not running as root, then it shouldn't be able to read the files when they're on local storage. I'm just not getting why it's OK with local, but not OK with shared.
This is Ubuntu 12.04, so selinux is not active by default. And pacemaker is not managing gluster. Thanks, pma Paul Archer, Linux System Administrator [email protected] 972-646-0137 cell 1717 McKinney Ave, Suite 800 Dallas, TX 75201 www.topgolf.com ________________________________________ From: [email protected] [[email protected]] on behalf of Andrew Beekhof [[email protected]] Sent: Monday, February 18, 2013 11:34 PM To: General Linux-HA mailing list Subject: Re: [Linux-HA] VirtualDomain resources won't migrate On Tue, Feb 19, 2013 at 3:09 AM, Paul Archer <[email protected]> wrote: > I'm still stuck with this problem. If /etc/libvirt is symlinked to shared > storage on a GlusterFS, then one of the daemons (/usr/lib/heartbeat/pengine, > I think) No. Not Pacemaker directly. Something in the resource agent script. > cannot read the XML file for the VMs (/etc/libvirt/qemu/<domain>.xml) because > libvirt insists on that file being owned by root and having permissions of > 600. And libvirt will fight to keep those permissions... Is selinux involved? Is pacemaker in charge of mounting the GlusterFS partition(s)? > But put the configs on local storage, and despite the ownership and > permissions being the same, pacemaker has no problem reading the files. Any > idea why, or what I need to change either with gluster or pacemaker (to read > the root-readable files), or with libvirt (so it'll stop changing the > permissions)? > > pma > > > Paul Archer, Linux System Administrator > [email protected] > 972-646-0137 cell > 1717 McKinney Ave, Suite 800 > Dallas, TX 75201 > www.topgolf.com > > ________________________________________ > From: [email protected] > [[email protected]] on behalf of Paul Archer > [[email protected]] > Sent: Thursday, February 14, 2013 12:28 PM > To: General Linux-HA mailing list > Subject: Re: [Linux-HA] VirtualDomain resources won't migrate > > I am soooo frelling close! But still having issues. > First, I found a thread > (http://comments.gmane.org/gmane.linux.highavailability.pacemaker/11880) > dealing with the same issue. It suggests that the reason for the 'not > installed' is that the VirtualDomain RA can't read the > /etc/libvirt/qemu/<domain>.xml file. So I tried moving mine to local storage, > and the 'not installed' errors went away. ( Plea to the devs: Please! O! > Please! flesh out that error message so it is more useful and makes sense. > Thanks!) > > It seems to be an issue of a non-root user accessing the files > (/etc/libvirt/qemu/<domain>.xml), which are owned by root, and have > permissions of 600 (rw only for root, no permissions for anyone else). I've > tried changing the permissions/ownership, but they get reset every time I > migrate the VM, even just through libvirt. The odd thing is that with local > storage, this isn't a problem. The shared FS is gluster, so I guess it's > something that gluster is doing (or not doing), but I'm not sure what. > > Can anyone tell me which process does the access, and if it's not running as > root, how it accesses those files when they're normally only readable by root? > > Thanks, > > pma > > > > > > _______________________________________________ > Linux-HA mailing list > [email protected] > http://lists.linux-ha.org/mailman/listinfo/linux-ha > See also: http://linux-ha.org/ReportingProblems _______________________________________________ Linux-HA mailing list [email protected] http://lists.linux-ha.org/mailman/listinfo/linux-ha See also: http://linux-ha.org/ReportingProblems _______________________________________________ Linux-HA mailing list [email protected] http://lists.linux-ha.org/mailman/listinfo/linux-ha See also: http://linux-ha.org/ReportingProblems
